We use cookies to collect & analyze data related to the performance & usage of this website, to provide social networking functionality, and to improve & personalize our content & advertising. Learn More
Cybersecurity has been high on the agenda in recent years, especially among companies and organizations. At the IT level, the leaks have usually already been plugged, but when it comes to OT infrastructure, the risks are still too often underestimated. However, the continuity of business processes and the protection of personal information are crucial. A cybersecurity audit can reveal the areas for improvement.
Over the last 10 years, in the field of cybersecurity in buildings, much attention has been paid to the pure IT infrastructure such as computers and printers. However, OT - operational technology - is still too often treated as a stepmother. However, the use of cameras, access control, fire detection and building management systems for cooling and heating that are connected to the network, among others, has increased dramatically. This makes OT infrastructure vulnerable to misuse.
A lot of building managers or users are unaware of the potential risks of poor OT protection. For example, access control software contains personal data subject to the GDPR. A poorly secured camera system allows hackers to look around your building. It not only violates the privacy of those who walk around in it, but can also lead to physical break-ins and theft. Hacking the cooling or heating systems can cause a production facility to shut down. And these are just a few examples.
Action is taken not only at the technical level but also at the organizational level. This is done according to the principle of Organizational Physical Electronic Notification Measures (OFEM). That OFEM principle can be applied in both the physical and virtual world.
Cybersecurity audit
Together with NVISO Belgium, Ingenium performs cybersecurity audits at companies and organizations. We combine NVISO's expertise on the IT side with our technical knowledge on the OT side. An audit starts with a number of workshops with the client to get to know the building and the techniques better. Extra attention is paid to the critical installations, whose risk of failure will be tested.
Mapping will include:
How the network is constructed and managed
What information is easy to obtain and what info can be considered critical
which rooms with technical equipment are accessible without authorization
what the login procedures are which data points (for phone or Internet, for example) are easily accessible
which software applications should be tested to verify that the data is properly protected.
Internal and remote
Not only in the building itself are tests performed. With remote access testing, we see whether technical installations can also be taken over remotely. Among other things, it is important to know:
Which technical installations are accessible from outside for maintenance by external partners
Whether authentication is done with fixed passwords or with multifactor authentication.
Possible pain points
The potential pain points encountered in recent office buildings during a cybersecurity audit are:
The lack of malware detection and a firewall that acts as a good "referee" for the techniques' dataflows
Technical systems are not secured and freely accessible over the network
No conclusive password policy which means one can never find out afterwards exactly who did what action
Personalized data that is easy to find
Technical classrooms that are physically accessible to everyone
No use of encryption
Lack of security patches
No proper backup and restore policy
Login procedure for "remote access" (logging in from outside the corporate network) is often inadequate
Adaptation and retesting
So the problems were in the areas of hardware, software and network construction. Many of the listed security risks were not located outside but inside the building itself. After the audit, in consultation with the customer, we looked at which issues needed to be eliminated and which could be considered an acceptable risk. This is based on risk versus cost. When the necessary adjustments are made, a new test follows to see if the desired result is actually achieved.
The audit in this example clearly showed that numerous risks were present. The growing number of IP devices in the OT world means that extra attention is needed to build the networks in a secure manner.
Could your company or organization also use a cybersecurity audit? Our expert Tim Opsomer would be happy to explain: tim.opsomer@ingenium.be.
Vlaanderen besliste dat vanaf 2026 enkel nog fossielvrije bedrijfswagens – volledig elektrisch of op waterstof – fiscaal aftrekbaar zullen zijn. Een leasewagen op diesel of benzine zal voor 0% aftrekbaar zijn. Daarnaast moeten gebouwen die niet voor bewoning bestemd zijn en een minimaal aantal parkeerplaatsen hebben, tegen 2025 of bij nieuwbouw of ingrijpende renovatie zelfs onmiddellijk laadpalen voor elektrische voertuigen voorzien.
In today's rapidly changing world, managing real estate is more challenging than ever. The industry is evolving at an unprecedented pace, confronting unique obstacles and changes that require our full attention and adaptability.
The decision to make a building intelligent is best made as early as the concept phase of a construction or renovation project. Yet technology can also be integrated incrementally afterwards. While this approach requires an accurate inventory of the possibilities, followed by a conscious choice of focal themes.
